package com.example.demo.security;

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
import org.springframework.web.bind.annotation.CrossOrigin;

@Configuration
public class UserSecurity extends WebSecurityConfigurerAdapter {

    @Override
    protected void configure(HttpSecurity http)throws Exception{

        http.formLogin()
                .loginPage("/toLogin")
                .loginProcessingUrl("/suibian")
                .defaultSuccessUrl("/toMain",true)
                .failureUrl("/failure");

        http.logout()
                .logoutUrl("/logout")
                .logoutSuccessUrl("/toLogin")
                .logoutRequestMatcher(new AntPathRequestMatcher("/logout", "GET"))
                .deleteCookies("JSESSIONID")
                .invalidateHttpSession(true)
                .and();

       http.authorizeRequests()
                .antMatchers("/toLogin","/register").anonymous()
                .antMatchers("/failure","/doRegister","https://cas.dgut.edu.cn?appid=javaee","/login/dgut","/token").permitAll()
                .antMatchers("/css/**", "/img/**", "/js/**" , "/layui/**").permitAll()
                .antMatchers("/admin1").hasRole("管理员")
               .antMatchers("/userMange").hasRole("管理员")
               .antMatchers("/numberMange").hasRole("管理员")
               .antMatchers("/riskareaMange").hasRole("管理员")
                .anyRequest().authenticated();
        //http.csrf().disable();//关闭CSRF安全协议，为了保证完整流程的可用
    }



    @Bean
    public PasswordEncoder passwordEncoder(){
        return new BCryptPasswordEncoder();
    }

}
